Re: [hobbit] Re: [hobbit-announce] Hobbit monitor: Security issue with Hobbit 4.2-beta client
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] Re: [hobbit-announce] Hobbit monitor: Security issue with Hobbit 4.2-beta client
- From: Charles Jones <jonescr (at) cisco.com>
- Date: Fri, 30 Jun 2006 14:33:01 -0700
- Organization: Cisco Systems
Asif Iqbal wrote:

> For our systems we make sure if a log file needs to be monitored,
> it is at least readable by a group in which `hobbit' user belongs to.

Same here, and in some installations, root access just plain isn't
available.

>> Running logfetch as suid-root will most likely be removed in the final
>> Hobbit 4.2 release of the client.
>
> I like that

Agreed. Everything (except hobbitping?) should be non-suid by default,
and even if hobbitping remains suid, "make install" should not get a
critical error if it cannot perform the chown and chmod of it. Perhaps
there could be a blurb in the docs to remind folks to make sure that
monitored logfiles need to be readable by the hobbit user or group, and
leave SUID-ing logfetch up to the user, at their own risk.
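
A check along the lines suggested in this thread, as an added example that is not part of the original message or of the Hobbit distribution: it reports whether logfetch carries the setuid bit and which monitored logs the current account cannot read. The function names and the paths passed on the command line are assumptions to adapt to the local install.

```shell
#!/bin/sh
# Added example (not from the Hobbit distribution). Run it as the account the
# client runs under, e.g. the `hobbit' user, so the -r test reflects its access.

# has_suid FILE: true when FILE carries the set-user-ID bit.
has_suid() {
    [ -u "$1" ]
}

# unreadable_logs FILE...: print every listed log the current user cannot read
# (missing files are reported too, since the client could not fetch them).
unreadable_logs() {
    for f in "$@"; do
        [ -r "$f" ] || printf '%s\n' "$f"
    done
}

# audit_client LOGFETCH LOG...: returns 0 only when LOGFETCH is not setuid
# and every LOG is readable without extra privilege.
audit_client() {
    logfetch=$1; shift
    rc=0
    if has_suid "$logfetch"; then
        echo "WARN: setuid bit set: $(ls -ld "$logfetch")"
        rc=1
    fi
    bad=$(unreadable_logs "$@")
    if [ -n "$bad" ]; then
        echo "WARN: not readable by $(id -un); fix group ownership or mode:"
        echo "$bad"
        rc=1
    fi
    return "$rc"
}

# Usage (paths are placeholders): sh audit.sh /path/to/logfetch /var/log/messages
if [ "$#" -gt 0 ]; then
    audit_client "$@"
fi
```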